[PM-31652]Inline autofill for totp code on vimeo.com login does not appear

[dan-livefront]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-31652

📔 Objective

Added security code alongside security_code for TotpFieldNames in order to keep change pragmatic and scoped

📸 Screenshots

[github-actions]

🤖 Bitwarden Claude Code Review

Overall Assessment: APPROVE

This PR fixes TOTP inline-menu detection on vimeo.com login by adding "security code" (space-separated) to AutoFillConstants.TotpFieldNames alongside the existing "security_code" entry, and by short-circuiting isEmailField to return false when the field qualifies as a TOTP field. The new keyword pairing mirrors the pre-existing "verificationcode" / "verification code" convention, and the isEmailField bail-out follows the same pattern already used in isUsernameField and isPasswordField. A unit test covers the new email/TOTP short-circuit. Scope is small and targeted; no behavioral risk beyond the autofill keyword-matching surface.

Code Review Details

No findings. The change is consistent with existing conventions in inline-menu-field-qualification.service.ts and autofill-constants.ts, and the tokenization in apps/browser/src/autofill/utils/qualification.ts ensures the new space-separated keyword reliably matches placeholders like "Security code" (which the underscore-form security_code keyword would not have matched on its own).

[github-actions]

Checkmarx One – Scan Summary & Details – f0065cbb-320c-491b-ba0a-52fe0b946580

Great job! No new security vulnerabilities introduced in this pull request

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 47.10%. Comparing base (0e2dc87) to head (a09806b).
⚠️ Report is 3 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #20436   +/-   ##
=======================================
  Coverage   47.10%   47.10%           
=======================================
  Files        3930     3930           
  Lines      119287   119289    +2     
  Branches    18302    18303    +1     
=======================================
+ Hits        56190    56192    +2     
  Misses      58840    58840           
  Partials     4257     4257           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[bw-ghapp]

Changes in this PR impact the Autofill experience of the browser client

BIT has tested the core experience with these changes and all feature flags disabled.

✅ Fortunately, these BIT tests have passed! 🎉

[bw-ghapp]

Changes in this PR impact the Autofill experience of the browser client

BIT has tested the core experience with these changes and the feature flag configuration used by vault.bitwarden.com.

✅ Fortunately, these BIT tests have passed! 🎉